Virus Hunter

Who would have thought a youth misspent playing Space Invaders and Donkey Kong could prepare you for the real world? Certainly not Mikko Hypponen’s father, who, seeing no future in computers and frustrated by his son’s obsession with them, sometimes resorted to desperate measures. “He removed the fuse in my bedroom to turn the electricity off, just to get me to come to the dinner table,” says Hypponen.

But as it turned out, the hours spent taking on alien invaders served as training for battling an altogether different kind of assailant: computer viruses. Hypponen, now the chief research officer of the Finnish computer security firm F-Secure, has become one of the most respected virus hunters in the business.

He and his team were on the front line during outbreaks of Slapper – a worm that affected tens of thousands of computers in 2002 by exploiting a vulnerability in Linux Web server software – and Sobig.F, a worm that at its peak in 2003 was lurking in one of every 17 e-mails. He is also credited with being the first to warn about the May 2004 outbreak of the Sasser worm, which infected hundreds of thousands of computers across the globe – stopping train traffic in Australia, delaying Delta flights in the United States, and paralyzing Taiwan’s national post office.

But where Hypponen really shines is in predicting new threats long before they occur. He warned of the possibility of document-infecting macroviruses, such as the infamous Melissa virus, in the early 1990s, two years before they started to appear, and he predicted mobile-phone viruses several years before the first one struck.

Hypponen doesn’t attribute his skill at tackling malware to video game-honed strategies per se, but rather to the fundamental knowledge of computers that he developed in his teenage gaming years. Frustrated by how long games took to load on his Commodore 64, he taught himself assembly language so he could write code that would speed up the process. By 14 he was already making money from his programs. “I was selling them to floppy magazines, magazines published on floppy disks,” he says.

The skills he picked up during this period would serve him well. He joined F-Secure (which at the time was called Data Fellows) in 1991, and a year later, he got his first taste of decoding a virus. Back then, viruses were a relatively new phenomenon, and resources for dealing with them were sparse.

“I couldn’t run the virus on a machine to see what it did because we couldn’t spare one. They were too expensive.” Instead, he had to print out nearly 40 pages of code and meticulously go through it line by line, trying to figure out what the program did. The process took about three days – long enough to get him hooked.

Today, of course, computers are cheap, so running viruses isn’t a problem. But Hypponen still uses his reverse-engineering skill in trying to predict new threats. Virus writers are no longer interested in notoriety, he says; these days they are after money. He believes virus writers are now teaming up with spammers and designing viruses that try to evade detection.

So after mobile phones, what could possibly be the next target? Skype, according to Hypponen. The peer-to-peer Internet phone service is an ideal mark for malware writers because it is designed to bypass firewalls.

While he waits to begin his next battle with virus writers, Hypponen directs his passion for reverse engineering toward rebuilding and restoring old pinball machines and arcade games. It is not just about reclaiming part of his youth, he says. It is also about preserving a golden era in computer history. “If no one else saves them, they will disappear.”